Kaymera: The Anti-Spy Android OS Made By The Hottest iPhone Hackers In Surveillance

Kaymera: The Anti-Spy Android OS Made By The Hottest iPhone Hackers In Surveillance

Kaymera – an Android operating system that works on off-the-shelf devices. Its owners also hack mobiles, whether running Google or Apple’s OS.

“We don’t have any relationship with NSO Group,” says Avi Rosen. He’s keen to put distance between the company over which he presides, the secure Android operating system maker Kaymera, and NSO, a spy tech provider whose iPhone malware was caught trying to snoop on a UAE activist and a Mexican journalist last month. Why the need for distance? The same founders of NSO – Omri Lavie and Shalev Hulio – started and still sit on the board of Kaymera. But the companies never share resources, insists Rosen, and do not collude in any way that might allow NSO’s hacker toolkits to run on Kaymera-powered phones.

Still, it’s hard not to suspect some disingenuousness. That Lavie and Shalev remain amongst Kaymera’s top brass would understandably make some uneasy. The company remains privately owned by Lavie, Shalev and a number of undisclosed investors. And Kaymera employees work in offices adjacent to NSO in the Herzelia district of Tel Aviv, though they have a home in Geneva too.

Nevertheless, Kaymera may well have an exciting security product on its hands. Investors have been impressed enough by the OS to put $13 million into the firm, the most recent round raising $10 million. According to a recent report in Israeli publication Haaretz, Rosen’s company has recorded annual sales estimated at $15 million.

Founded in November 2013, Kaymera has sought to strike a balance between security and usability. When customers come calling, the company flashes its Android software onto corporate phones (obviously, they’ll already need to use Android-compatible devices) and additional features will protect the device without any need for the user to alter their behaviour, Rosen told me.

As for what they get, the Kaymera OS takes Android – an operating system many security professionals see as weaker than iOS – and adds four levels of security. The first is encryption, both for data stored on the phone and for web traffic, meaning users don’t need to use an additional Virtual Private Network (unless they want to route their traffic through certain servers). The second is a firewall that looks at traffic passing between apps and from the device out to detect anything potentially malicious. Third, Kaymera has completely rewritten the permissions process for apps, so it can monitor every process on the device and block suspicious ones. Users can also decide which specific permissions to grant; the software tricks the app into believing it has been given permission to grab certain data or use phone resources, when really they’ve been blocked. The fourth “layer” is anomaly detection, which seeks to uncover other odd behaviour and run user-defined policies.

Unlike American competitor Blackphone, Kaymera “built security into the lowest level of Android” and can work on off the shelf devices, Rosen said.

A former RSA executive, Rosen uses all the sales talk you expect from a security industry professional when bragging about his product. “We built a holistic solution that can protect against modern threats… it raises the bar significantly,” he added. Despite the swanking, Rosen won’t comment on the number of customers he has, only noting thousands of devices were currently running Kaymera. He won’t divulge cost either.

Sounds impressive. And, according to Rosen, more secure than Apple’s operating system. His tweaked version of Google’s Android OS is much more secure, he claims. And it’ll even block NSO’s arsenal from blowing away your privacy shield. Rosen won’t tell if he’s tested NSO on Kaymera, however.

Of Apple’s device, Rosen notes, without a whiff of irony, that NSO’s exploits proved iOS to be weak. Indeed, NSO appeared to have developed a way to silently jailbreak – i.e. completely take over – and iPhone by exploiting three unpatched iOS vulnerabilities with just a click of a link in a text – a remarkable, unprecedented feat. (It may have worked with another organization to develop exploits – the company declined to comment on that).

“It creates a false sense of security,” Rosen added. “Everything they [Apple] do will never be as secure as Kaymera.”

But only governments and private businesses can benefit. Due to those customer restrictions, the individuals who might need protecting most from NSO’s malware won’t be able to get the Kaymera OS. Activists such as UAE’s Ahmed Mansoor – who was hit with malware not just from NSO, but from other bêtes noires of human rights orgs, Hacking Team and FinFisher – will have to make do with standard devices and some common sense.

On each occasion Mansoor was targeted by one of the three spyware makers, he didn’t click on the suspicious links sent via email and text. Instead, he reported them to surveillance software investigators at Citizen Lab. In the case of NSO, the Citizen Lab crew investigated, informed Apple and within just 10 days the exploits abused by the Israeli firm were closed off.

Now that’s a rather remarkable way to protect hundreds of millions of individuals from government surveillance, all for free.

IMPORTANT MESSAGE: Scooblrinc.com is a website owned and operated by Scooblr, Inc. By accessing this website and any pages thereof, you agree to be bound by the Terms of Use and Privacy Policy, as amended from time to time. Scooblr, Inc. does not verify or assure that information provided by any company offering services is accurate or complete or that the valuation is appropriate. Neither Scooblr nor any of its directors, officers, employees, representatives, affiliates or agents shall have any liability whatsoever arising, for any error or incompleteness of fact or opinion in, or lack of care in the preparation or publication, of the materials posted on this website. Scooblr does not give advice, provide analysis or recommendations regarding any offering, service posted on the website. The information on this website does not constitute an offer of, or the solicitation of an offer to buy or subscribe for, any services to any person in any jurisdiction to whom or in which such offer or solicitation is unlawful.